Norton Power Eraser Finding Things

[dvideo]

Tried to go to squarespace.com today (a popular site) and mistyped the URL.

Norton Power Eraser popped up and said a large amount of outgoing traffic was detected and recommended running Power Eraser. I did and it said it fixed the registry but still lists

C:\Windows\System32\Tasks
OneDrive Standalone Update Task-S-1-5-21-2604578423-1325664717-4041599089-1001

and

C:\Windows\Tasks
CreateExplorerShellUnelevatedTask.job

as concerns. Malwarebytes Scan even with rootkit check does not detect anything.

How can I be sure I'm not infected?

Thanks.

[dvideo]

Also ran ESET and it came back clear.

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

[dvideo]

@nasdaq

Thanks I sent you the files.

[nasdaq]

That is not the files it's a link to my profile.

From now on all post must be sent in this topic.

Please repeat the posts here.

 

 

 

 

[dvideo]

Right I messaged you with the files in your inbox here on the forum. Did you not get them?

I was concerned posting the files here could cause a security or privacy issue.

[dvideo]

Here is the information you asked for...

Log file links...

Addition.txt

FRST.txt

Also, these are the things Norton Power Eraser warned me about...

Registry error (which it said it fixed)

C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job (Not sure what's in this or if I could just delete it)

C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2604578423-1325664717-4041599089-1001 (For now I disabled this task from running)

I also see User_Feed_Synchronization-{18F9BE0A-7447-462A-B043-D03C5309F76E} but have no idea if I should be concerned.

Thanks!
 

[nasdaq]

Hi,

Run thi fix to clean all the empty registry items.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your concerned items.

C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job (Not sure what's in this or if I could just delete it)

This is the reaspn you are getting the warnong from Norton.

You are running Explorer in an Unelevated task.
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

As suggested in this article:
https://www.tenforums.com/general-support/79917-whats-createexplorershellunelevatedtask.html

You can run the task to by pass the UAC prompt.

You will have to change the CreateExplorerShellUnelevatedTask.job as suggested here.

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\Explorer.EXE /NOUACCHECK

You may want to keep the protection you have now. Your call.
=====

I also see User_Feed_Synchronization-{18F9BE0A-7447-462A-B043-D03C5309F76E} but have no idea if I should be concerned.

If you do not subscribe to any RSS feeds at all disable it.
https://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/microsoft-feeds-synchronization/89ffe6c5-d690-4d17-9bab-9e959e94286e?messageId=570a436b-5a7d-46d9-9456-3001d604618b
===

Hope that helps.

[dvideo]

3 hours ago, nasdaq said:

Sorry I don't see an attached Fixlist.txt file. What is that? Is that generated by you or FRST? Thanks.

 

 

[nasdaq]

Hi,

My bad, I forgot to attach the file.

Here it is.

fixlist.txt

[dvideo]

No problem.

Could you tell me what this process will do,  like what is in that .txt file? Is it just removing a few empty registry items or did you notice malware this addresses? Thanks.

[nasdaq]

This is just a cleanup at the moment.

No malware was found.

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks